DDoS attacks: what they are and how you can keep them at bay

Staying one step ahead

Cyber criminals are becoming increasingly sophisticated in their attacks on organisations, with intricate script-writing and manipulative social engineering creating new modes of offence every day.

But one tried and tested attack vector you would no doubt have read about before is the Distributed Denial of Service method, more commonly known as DDoS.

Giving us the full low-down on this cybercrime staple in our Q&A is Fred Kost, VP of security firm Ixia.

TechRadar Pro: For the uninitiated, what is a DDoS attack?

Fred Kost: It is a multi-faceted attack that leverages legitimate applications and services on the internet and often infected computers or botnets to create large-scale attacks.

Often, it can be quick and dirty - the attacker's devices are either compromised systems, which make attribution difficult, or misused legitimate services and applications. As a result, DDoS attacks can be hard to defend against and have a big impact.

DDoS attacks are likely to continue since organisations are unable to protect against all attacks and there is a general lack of co-ordination within the industry.

This is largely due to the fact that IT teams often procure disparate security systems that sit passive on their network since dropping them in line without testing incurs an element of risk.

TRP: What are the motivations behind DDoS attacks?

FK: The motivations of a DDoS attack can vary but the majority are financially motivated and deliberately designed to disrupt business operations. However, some are ideologically motivated and designed to counter the political stance of an organisation.

The one constant is that any industry can fall victim to an attack, with costs and downtime remaining the same.

TRP: How are DDoS attacks carried out?

FK: DDoS can be carried out using volumetric attacks, traffic floods or attacks to render an application unresponsive. Any defence or mitigation strategy must address all of these areas in order to be successful.

TRP: What are the tools available that can be used to launch a DDoS attack?

FK: A variety of software is available to launch a denial of service attack. For example, infected hosts can be used to build a botnet, readily available applications and services can be used to reflect attacks and machines can even be rented to launch attacks.

What makes DDoS particularly prevalent is that most of the time users do not realise if they are hosting or herding the attack. Their IP may be at the centre of an onslaught and they are none the wiser.

TRP: Why are DDoS attacks on the rise?

FK: The rapid increase in the volume of DDoS threats is largely because the tools available to launch DDoS attacks are readily available, making it easier for hackers.

Sometimes DDoS violations may even be smokescreens designed to distract security teams while another attack is underway.

TRP: How are DDoS attacks evolving?

FK: Developments in reflection and amplification mean that botnet herders are getting better at moving around quickly and can just move to another IP or region if they are discovered.

As a result, organisations must be proactive in developing a defence strategy - one that includes products, services and a response process.

TRP: How can organisations develop these defence and mitigation strategies to counter DDoS attacks?

FK: Much like the fire drill that is practised to evaluate building evacuation effectiveness, DDoS mitigation requires testing and practice to ensure that the technologies and processes put in place can stop any damage.

When under attack, DDoS mitigation must be able to allow the "good" traffic through yet block and suppress the "bad" traffic. This can be a challenge so organisations need to be prepared by testing mitigation strategies with tools that simultaneously launch a comprehensive set of DDoS attacks with other attack techniques to identify any weak points.
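The point about letting "good" traffic through while suppressing "bad" traffic is easiest to see with a concrete filter. The following is an added example written for this article, not Ixia's product and not anything Mr Kost describes: a per-source token-bucket limiter run over a constructed request log (the IP addresses and paths are invented, documentation-range values). A steady client and a short page-load burst pass untouched, while a single source sending 200 requests in under a second is throttled to the configured burst plus sustained rate.

```python
"""Per-source token-bucket limiter over a constructed request log.

Added illustration for the interview text, not code from Ixia or the author.
Token counts are kept as integer "millitokens" (1 request == 1000) so that the
refill arithmetic is exact and the results below are reproducible.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# One request event: (timestamp in ms, source IP, request path). Constructed data.
Event = Tuple[int, str, str]


def build_sample_traffic() -> List[Event]:
    """Constructed sample log: two legitimate clients and one flooding source."""
    events: List[Event] = []
    # Legitimate client: one request per second for five seconds.
    for i in range(5):
        events.append((i * 1000, "203.0.113.10", "/index.html"))
    # Legitimate burst: a page load pulling 15 assets within ~150 ms.
    for i in range(15):
        events.append((500 + i * 10, "203.0.113.20", f"/static/asset{i}.js"))
    # Flood source (constructed): 200 requests, one every 5 ms, all hitting /login.
    for i in range(200):
        events.append((i * 5, "198.51.100.77", "/login"))
    # Stable sort by time; each source's own order is preserved.
    events.sort(key=lambda e: e[0])
    return events


@dataclass
class TokenBucket:
    """Classic token bucket: `burst` requests may pass at once, then `rate_per_sec`."""
    rate_per_sec: int
    burst: int
    millitokens: int = field(init=False)
    last_ms: Optional[int] = field(init=False, default=None)

    def __post_init__(self) -> None:
        self.millitokens = self.burst * 1000  # start full

    def allow(self, now_ms: int) -> bool:
        if self.last_ms is not None:
            elapsed_ms = now_ms - self.last_ms
            # elapsed_ms * rate_per_sec is exactly the refill in millitokens.
            self.millitokens = min(self.burst * 1000,
                                   self.millitokens + elapsed_ms * self.rate_per_sec)
        self.last_ms = now_ms
        if self.millitokens >= 1000:
            self.millitokens -= 1000
            return True
        return False


def filter_traffic(events: List[Event], rate_per_sec: int = 10,
                   burst: int = 20) -> Dict[str, Dict[str, int]]:
    """Apply one bucket per source IP; return allowed/dropped counts per source."""
    buckets: Dict[str, TokenBucket] = {}
    stats: Dict[str, Dict[str, int]] = defaultdict(lambda: {"allowed": 0, "dropped": 0})
    for ts_ms, src, _path in events:
        bucket = buckets.setdefault(src, TokenBucket(rate_per_sec, burst))
        if bucket.allow(ts_ms):
            stats[src]["allowed"] += 1
        else:
            stats[src]["dropped"] += 1
    return dict(stats)


if __name__ == "__main__":
    for src, counts in sorted(filter_traffic(build_sample_traffic()).items()):
        print(f"{src:16} allowed={counts['allowed']:4} dropped={counts['dropped']:4}")
```

With a sustained rate of 10 requests per second and a burst of 20, the two legitimate sources lose nothing, and the flooding source gets its first 20 requests plus roughly one more per 100 ms, with the remaining 171 dropped. The limitation is the one the interview keeps returning to: a per-IP limit blunts a single noisy source, but a botnet spreads the same volume across many addresses that each stay under the threshold, and an application-layer attack may look like ordinary requests at the network level. That is why mitigation has to be exercised against the full mix of volumetric, flood and application-level traffic rather than tuned for one of them.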

TRP: DDoS attacks are just the tip of the iceberg, so how can organisations stay ahead of other new threats?

FK: Mitigation against new threats requires testing and practice to ensure that technologies and processes can stop the damage that new threats can cause. Forward-looking organisations will go one step further by building real world proof of concepts and lab setups that can test security resiliency.